Vulnerabilities > SZ Fujia

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-28	CVE-2022-24187	Authorization Bypass Through User-Controlled Key vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. network low complexity sz-fujia CWE-639	7.5
2022-11-28	CVE-2022-24188	Cleartext Storage of Sensitive Information vulnerability in Sz-Fujia Ourphoto 1.4.1 The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. network low complexity sz-fujia CWE-312	7.5
2022-11-28	CVE-2022-24189	Incorrect Authorization vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. network low complexity sz-fujia CWE-863	6.5
2022-11-28	CVE-2022-24190	Missing Authorization vulnerability in Sz-Fujia Ourphoto 1.4.1 The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. network low complexity sz-fujia CWE-862	7.5

Vulnerabilities > SZ Fujia {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"SZ Fujia"}]}